Date: Tue, 24 Jun 2008 12:02:20 -0700
From: Drew Yao <ayao@...le.com>
To: oss-security@...ts.openwall.com
Cc: Vendor-Sec Distribution Vendors <vendor-sec@....de>
Subject: Re: ruby regression (was: Re: [vendor-sec] Ruby memory corruption bugs in array and string handling)

> Where did you get 1.8.6p231? The latest I see is 1.8.6p230, which,
> according to upstream's advisory [1], fixes the security issues.

Sorry, I meant p230.


> However, the test suite ("make test" in the
> build dir) passes. It was my understanding that the test suite should
> fail, given my reading of the forum thread linked to by the blog post
> Drew mentioned above: http://www.ruby-forum.com/topic/157034


I think make test is not the same test suite they're talking about.


---
Drew Yao
Apple Product Security

